Scenario

Customer has a Vigor2830n router providing Wi-Fi access wireless on their LAN for internal staff. Staff can also access the Internet using a wired LAN connection to the LAN.

Additional requirement…

Customer wants guests to have limited access to the internet via wireless but no access to the local corporate LAN via wireless. Ideally a password to access internet resources (only guests should have to enter a password) and some time limit and/or usage limits.

Configuration Overview

For this scenario we will create a separate VLAN with its own IP subnet for guest users. Also a separate Wi-Fi SSID will be created for guests only and this will be allocated to the guest VLAN. Guest user ID’s will be created in the User Management section in the router and a time and data quota allocated according to a time schedule. Next, set up firewall rules to force guest users to log into the network and be allocated the time and data quota. Internal staff does not need to be authenticated by the router.

Step 1: Create Guest VLAN

Go to LAN>>VLAN configuration menu. Select Enable and allocate each LAN port and Wireless LAN SSID to the appropriate VLAN. Here we place all LAN ports and SSID to VLAN0 (Staff network) except for SSID2 which is allocated to VLAN1 (Guest network). The guest network is also allocated to LAN2 IP subnet.

Step 2: Create Guest IP Subnet

Go to LAN>>General Setup configuration menu and enable LAN2 and assign an IP subnet. Here we used 192.168.2.1. Click on Details page to enable this LAN and enter required DHCP details.

Step 3: Create Guest Wi-Fi SSID

Go to Wireless LAN>>General Setup and enable the guest wireless LAN. Here we enabled SSID 2 and named it guests. We also select Isolate Member and Isolate VPN options to prevent access to other network users.

Go to User Management>>General Setup configuration menu. Select the mode to be Rule-Based. This is required to make guest users log into the network and be authenticated before they can access the Internet. Also a landing page can be specified here if you wish to direct them to your website.

For more information on how to use the Landing Page feature, click here

Step 4.b - Create Guest User Accounts

Go to User Mangement>>User Profile configuration menu and select the next available index and create required users. We have created two users “guest1” and “guest2” for guest1 we have allowed 10 concurrent log in sessions and also selected authentication method as well as enabling the Landing Page. Towards the bottom of the page we have enabled the time and data quota according to a time schedule.

For more information onHow to Use User Management – with Time Quota including setting up the Schedule featureclick here

Step 4.c - Create Guest User Group

Go to “UserManagement>>User Group” configuration menu and create a group to include all the guest user names. Here we have created a group called “guest users” to include guest1 and guest2 users. This group will be used in the firewall configuration.

Step 5: Create Firewall Rules

In this last step we create a firewall rule that when a guest user tries to access the Internet they will be required to authenticate and be directed to the web landing page.

Step 6: Test Guest login

The last step is to login into the guest Wi-Fi network. You should see a prompt to enter the username and password. If authentication is successful you will be directed to a landing web page and can then browse the Internet

Go to “User Management>>User Online Status” page to check how many users are logged in. You will see who is logged in and how long they have been connected.